FIDO Metadata Clarifications

Thamindu Dilshan Jayawickrama

Mar 21, 2022, 12:59:30 AM
to FIDO Dev (fido-dev)
Hi All,

We've been trying to implement the FIDO MDS3 support on our identity server product to pass FIDO2 compliance tests. In the process, I have ended up with the following questions/doubts regarding the procedure and would like to obtain some clarification.
  1. When running metadata tests, we must submit our server URL to and add the provided MDS endpoints to the server. As per my observations, these MDS endpoints are unique to the server URL. We can configure these URLs permanently in the server and fetch them once every month, assuming data at these endpoints will be updated. Is that correct?
  2. Should we provide all of these MDS endpoints (I have noticed a total of 5 endpoints) to the server when initializing certificate path validations (I'm using the Java webauthn4j library)? The reason for asking this question is that I have noticed runtime exceptions due to invalid metadata BLOB signatures corresponding to some endpoints. Also, the MDS3 spec mentioned having one metadata JSON file. What is the purpose of these multiple service endpoints?
  3. Another observation of mine is that the MDS endpoints obtained by submitting the server URL to contains some test metadata which only relates to the conformance testing. Does that mean there's no need to keep these MDS endpoints in the server permanently, and that we can obtain some fixed endpoints with the actual data after obtaining the FIDO certificate?
  4. Also, we’ve been using an adapter to perform communications between the tool and the server. In that case, what is the server URL we should publish to We are currently using the adapter URL as the server URL in the conformance tool.
Your help is highly appreciated.

Thanks in advance.
